<div dir="ltr"><div>Understood. <br><br></div>Thanks Stian<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 10, 2016 at 7:41 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">There's no explicit version check. For OpenID Connect there may be changes to the token between versions that would cause issues for example. I'd say 1.6.1 adapter has a good chance to work with Keycloak 1.9 as I can't remember anything we changed that would break it, but without going to hundreds of JIRA issues and also testing it there's no way to be sure.<div><br></div><div>Due to the fast pace we've been having lately we've not been able to test or document what adapters will work with what versions of the server. I hope we can do this in the future.</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On 9 March 2016 at 17:12, Orestis Tsakiridis <span dir="ltr"><<a href="mailto:orestis.tsakiridis@telestax.com" target="_blank">orestis.tsakiridis@telestax.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>I see. <br><br></div>I suppose the fewer keycloak features an application uses the smaller is the exposure to incompatibilities and braking. For example if only the OpenID Connect/Oauth authentication is used and keycloak Admin REST api is avoided chances is that an upgrade won't brake things.<br><br>Is this the case or an explicit version check prevents an adapter from working at all in case an incompatibility is detected ?<br><br></div><br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 9, 2016 at 4:40 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">To make sure everything works as expected you should upgrade both server and adapters at the same time. I understand this is not always convenient and we are planning to reduce this restriction in the future.</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On 9 March 2016 at 15:30, Orestis Tsakiridis <span dir="ltr"><<a href="mailto:orestis.tsakiridis@telestax.com" target="_blank">orestis.tsakiridis@telestax.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div><div>Hello!<br><br></div>Is it possible to secure applications using old adapters (say 1.6.1) with a keycloak server of more recent version (say 1.9.0) ?<br><br>The question boils down to what is the proper upgrade policy in a keycloak secured system with many applications provided by different customers. If an application with an old adapter does not work with a newer keycloak server then it seems all (both keycloak and applications) should be upgraded in a single step.<br><br></div><div><br></div><div><br></div><div><div><br><br><br></div></div></div>
<br></div></div>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>